PATENT 

Atty Docket No. 1387-001/MMM

In the claims:

The claims in the application are indicated below: 

1. (Previously presented) In a processing system including a server capable of 
communicating with plural clients via a computer network, a method of authenticating 
for a first client a data object that is provided by a second client, the method comprising 
the steps of, in the server,

receiving the data object transmitted from the second client to the server via the 
computer network; 

generating at the server a signature corresponding to the second client by 
processing the data object; 

associating the signature with the data object at the server to create a signed object;

delivering the signed object to the first client; and 

returning the signed object from the first client to the server to authenticate that 
the signature of the signed object corresponds to the second client, the authentication 
including deriving from the signed object information representative of the data object 
and the signature, generating a comparison value using the information representative 
of the data object, and determining whether the comparison value and at least a portion 
of the signature meet a pre-determined criteria. 

2. (Original) The method of claim 1 wherein the data object comprises a 
document. 

3. (Previously presented) The method of claim 1 further including the step of
authenticating the second client at the server in connection with the second client
transmitting the data object to the server.

4. (Previously presented) The method of claim 3 wherein the second client is 
authenticated by the server using information representative of the client. 

5. (Previously presented) The method of claim 4 wherein the information
representative of the second client comprises a password provided from the second 
client. 

6. (Previously presented) The method of claim 3 wherein the second client is 
authenticated by the server using an encrypted data channel. 

7. (Original) The method of claim 6 wherein the encrypted data channel utilizes
an SSL protocol.

8. (Previously presented) The method of claim 3 wherein the second client is 
authenticated by the server using a public key-based processing step. 

9. (Previously presented) The method of claim 8 wherein the public key-based 
processing step includes presentation of a client certificate. 

10. (Previously presented) The method of claim 9 wherein the second client and 
server mutually authenticate using a zero-knowledge proof step. 

11. (Previously presented) The method of claim 3 including the further step of
creating and managing in the server a private key associated with the second client, the
private key being used in the step of generating the signature.

12. (Previously presented) The method of claim 11 wherein the server assigns
the private key to the second client. 

13. (Previously presented) The method of claim 12 wherein the private key 
assigned to the second client is determined based upon information representative of 
the second client. 

14. (Previously presented) The method of claim 1 wherein the step of
generating the signature includes the steps of assigning a private key to the second
client; performing a predefined hash function on the data object to produce a hash total;
and enciphering the hash total using the private key.

15. (Original) The method of claim 1 wherein the signed object comprises the 
signature and an address of the data object. 

16. (Original) The system of claim 1 wherein the signed object comprises the
signature and the data object. 

17. (Currently amended) In a processing system comprising a server capable of 
communicating with plural clients via a computer network, a method of generating a 
digital signature, the method comprising the steps of: 

receiving at the server a data object transmitted from a [[signing]] signature-requesting
client via the computer network;

assigning a descriptor to the data object at the server, the descriptor having a
property field that includes a signature field;

processing the data object using a pre-determined hash function and a private 
key to generate a signature, the private key being stored at the server in association 
with the client; 

attaching the signature to the signature field of the descriptor assigned to the 
data object to create a signed object; and 

returning the signed object to the [[signing]] signature-requesting client for delivery
to a receiving client.

18. (Currently amended) The method of claim 17 further including the steps of:

receiving the signed object at the server from the receiving client; and 

authenticating the signed object at the server by verifying that the signature
attached to the signature field of the signed object corresponds to the [[signing]]
signature-requesting client.

19. (Previously presented) The method of claim 18 wherein authenticating the 
signed object further comprises the steps of: obtaining the data object from the signed 
object; obtaining the signature from the signed object; obtaining the private key stored 
at the server used to generate the signature; processing the data object using a pre- 
determined hash function and the private key to generate a comparison value; and 
determining whether the comparison value and at least a portion of the signature meet a 
pre-determined criteria. 

20. (Original) The method of claim 19 wherein the property field further
comprises a timestamp. 

21. (Previously presented) The method of claim 19 wherein the property field
further comprises an identifier used to look up the private key stored at the server. 

22. (Original) The method of claim 19 wherein the property field further 
comprises key information used to generate the comparison value. 

23. (Original) The method of claim 17 wherein the descriptor further comprises 
a plurality of property fields. 

24. (Original) The method of claim 23 wherein at least one of the property fields 
further comprises data that is private to the server. 

25. (Original) The method of claim 23 wherein at least one of the property fields 
further comprises additional data that is signed by a key private to the server. 

26. (Original) The method of claim 25 wherein the additional data is derived by 
processing the data object using a pre-determined function. 

27. (Original) The method of claim 26 wherein the pre-determined function is a 
hash function. 

28. (Original) The method of claim 26 wherein the pre-determined function is a 
transform function. 

29. (Original) The method of claim 25 wherein the additional data is obtained 
from a device. 

30. (Original) The method of claim 29 wherein the device receives the data 
object prior to subsequent processing by the server. 

31. (Original) The method of claim 29 wherein the device does not receive the
data object. 

32. (Original) The method of claim 29 wherein the device further comprises a 
device for generating a timestamp. 

33. (Original) The method of claim 29 wherein the additional data, after being
obtained from the device, is used by the server to generate the signature.

56. (Previously presented) A digital signature server system on a server
capable of communicating with plural clients via a computer network, comprising: 

means for receiving a data object transmitted from a [[signing]] signature-requesting
client to the server via the computer network;

means for generating at the server a signature corresponding to the [[signing]]
signature-requesting client by processing the data object;

means for associating the signature with the data object to create a signed object;

means for receiving the signed object at the server from a client other than the
[[signing]] signature-requesting client; and

means for authenticating that the signature of the signed object corresponds to
the [[signing]] signature-requesting client, including deriving from the signed object
information representative of the data object and the signature, generating a
comparison value using the information representative of the data object, and
determining whether the comparison value and at least a portion of the signature meet a
pre-determined criteria.

57. (Original) The system of claim 56 wherein the data object comprises a 
document. 

58. (Currently amended) The system of claim 56 further comprising means for
obtaining at the server information representative of the [[signing]] signature-requesting
client to authenticate the signing client.

59. (Currently amended) The system of claim 56 further comprising means for
creating and managing at the server a private key for the [[signing]] signature-requesting
client used to generate the signature.

60. (Cancelled) 

61. (Currently amended) The system of claim 59 wherein the private key is
assigned to the [[signing]] signature-requesting client using information representative of
the client.



Page 7 of 19

62. (Currently amended) The system of claim 56 wherein the means for
generating a signature further comprises assigning a private key to the [[signing]]
signature-requesting client; performing a predefined hash function on the data object to
produce a hash total; and enciphering the hash total using the private key.

63. (Original) The system of claim 56 wherein the signed object comprises the 
signature and an address of the data object. 

64. (Original) The system of claim 56 wherein the signed object comprises the 
signature and the data object. 

65. (Currently amended) In a digital signature server system having a server 
capable of communicating with plural clients via a computer network, a computer 
readable medium, comprising: 

software for receiving a data object transmitted from a [[signing]] signature-requesting
client to the server via the computer network;

software for assigning to the data object a descriptor that includes a property field
having a signature field;

software for assigning and storing at the server a private key that corresponds to
the [[signing]] signature-requesting client;

software for processing the data object using a pre-determined hash function and
the private key to generate a signature and to attach the signature to the signature field
associated with the data object to create a signed object; and

software to return the signed object to the [[signing]] signature-requesting client for
delivery to a different client.

66. (Previously presented) The medium of claim 65 further comprising: 
software for receiving the signed object from the different client; and 
software for authenticating the signed object. 

67. (Currently amended) The medium of claim 66 wherein the software for
authenticating the signed object verifies that the signature attached to the signature
field of the signed object corresponds to the [[signing]] signature-requesting client.

68. (Previously presented) The medium of claim 67 wherein verifying the
signature further comprises obtaining the data object from the signed object; obtaining 
the signature from the signed object; obtaining the private key stored at the server used 
to generate the signature; processing the data object using a predetermined hash 
function and the private key to generate a comparison value; and determining whether 
the comparison value and at least a portion of the signature meet a predetermined 
criteria. 

69. (Previously presented) The medium of claim 67 wherein the property field 
further comprises a timestamp. 

70. (Previously presented) The medium of claim 67 wherein the property field 
further comprises an identifier used to look up a key stored at the server. 

71. (Previously presented) The medium of claim 67 wherein the property field
further comprises key information used to generate the comparison value. 

72. (Previously presented) The medium of claim 67 wherein the descriptor 
further comprises a plurality of property fields. 

73. (Previously presented) The medium of claim 72 wherein at least one of the 
property fields further comprises data that is private to the server. 

74. (Previously presented) The medium of claim 72 wherein at least one of the 
property fields further comprises additional data that is signed by a key private to the 
server. 

75. (Previously presented) The medium of claim 74 wherein the additional data 
is derived by processing the data object using a pre-determined function. 

76. (Previously presented) The medium of claim 75 wherein the pre-determined 
function is a hash function. 

77. (Previously presented) The medium of claim 75 wherein the pre-determined 
function is a transform function. 

78. (Previously presented) The medium of claim 74 further comprising a device 
for providing the additional data. 

79. (Previously presented) The medium of claim 74 wherein the device receives
the data object prior to subsequent processing by the server.

80. (Previously presented) The medium of claim 74 wherein the device does not 
receive the data object. 

81. (Previously presented) The medium of claim 74 wherein the device further
comprises a device for generating a timestamp. 

82. (Previously presented) The medium of claim 81 wherein the server 
generates the signature after obtaining a timestamp from the device. 

83. (Cancelled) 

84. (Cancelled) 

85. (Cancelled) 

86. (Cancelled) 

87. (Cancelled) 

88. (Cancelled) 

89. (Cancelled) 

90. (Cancelled) 

91. (Currently amended) The digital signature server system of claim 104
wherein the means for verifying the digital signature further comprises:

means for receiving the signed object from the [[verifying]] signature-verifying client;

means for obtaining the data object using information contained within the signed object;

means for obtaining the digital signature using information contained within the
signed object;

means for obtaining the private key stored on the server using information
contained within the signed object;

means for generating a comparison value using the data object; and

means for verifying the digital signature if the comparison value and at least a
portion of the digital signature meet a predetermined criteria.

92. (Previously presented) The digital signature server system of claim 104 
wherein the signed object comprises the digital signature and an address of the data 
object. 

93. (Previously presented) The digital signature server system of claim 104 
wherein the signed object comprises the digital signature and the data object. 

94. (Previously presented) The digital signature server system of claim 104 
wherein the signed object comprises the digital signature contained within the data 
object. 

95. (Previously presented) The digital signature server system of claim 104 
wherein the signed object comprises a hash of the data object contained within the 
digital signature. 

96. (Previously presented) The digital signature server system of claim 104 
further comprising means for authenticating a user before providing access to the 
system. 

97. (Original) The digital signature system of claim 96 wherein means for 
authenticating a user further comprises means for receiving a user ID and a password 
from the client. 

98. (Original) The digital signature system of claim 97 wherein the server 
assigns a private key to the client based upon the user ID. 

99. (Original) The digital signature system of claim 98 wherein the server 
assigns a private key to the client based upon a system policy and data obtained from 
the client. 

100. (Previously presented) The digital signature server system of claim 104 
wherein the digital signature further comprises: an encrypted field; and a timestamp,
wherein the server generates the encrypted field by hashing the data object according 
to a predefined hash function to create a hash, and encrypts the hash using the private 
key assigned to the user. 

101. (Previously presented) The digital signature server system of claim 104
wherein the digital signature further comprises a server key. 

102. (Original) The digital signature system of claim 100 further comprising: 
means for generating a verification response at the server; and means for transmitting 
the verification response to the client. 

103. (Original) The digital signature system of claim 100 further comprising: 
means for generating a verification signature for the verification response at the server; 
and means for transmitting the verification signature to the client. 

104. (Currently amended) A digital signature server system for use by plural 
remote clients in network communication with a server, the system comprising: 

processing means on the server for generating a private key corresponding to a
user at a [[signing]] signature-requesting client;

storing means on the server for storing the private key;

processing means for generating a digital signature using the private key for a
data object provided by the user from the [[signing]] signature-requesting client, the
processing means performing a pre-defined hash function on the data object to create a
hash value and performing a pre-defined encryption function using the private key on
the hash value;

transmitting means for sending the digital signature from the server to the [[signing]]
signature-requesting client within a signed object;

receiving means for receiving the signed object at the server from a [[verifying]]
signature-verifying client that is different from the [[signing]] signature-requesting client;
and

verifying means for verifying at the server that the digital signature in the signed
object received from the [[verifying]] signature-verifying client corresponds to the user at
the [[signing]] signature-requesting client.
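Worked example added to this listing, not part of the application or its claims: a minimal Python model of the server-side flow recited in claims 17-19, 65-68 and 104, in which the server creates and stores a per-client private key, attaches the signature to the signature field of a descriptor's property field (with a timestamp and a key-lookup identifier, claims 20-21), and later authenticates a returned signed object by recomputing a comparison value (claim 19). It assumes the private key is a 32-byte secret that never leaves the server and stands in HMAC-SHA256 for "enciphering the hash total using the private key", which is faithful to the claims' check because the same server both generates and verifies; the model therefore demonstrates only that the server accepts what it signed and rejects anything altered, and the assurance such a signature gives a receiving client rests entirely on the server's key custody and on how the server authenticates the signature-requesting client (claims 3-10).

```python
import hashlib
import hmac
import secrets
import time


class SignatureServer:
    """Server-side signing and verification modelled on claims 17-19 and 65-68.

    Assumption, not in the claims: the per-client private key is a 32-byte secret
    held only by the server, and "enciphering the hash with the private key" is
    stood in for by HMAC-SHA256 under that secret. Because the claims have the
    same server verify, a keyed hash reproduces the comparison-value check.
    """

    def __init__(self):
        self._clients = {}   # client id -> (private key, lookup id)  (claims 11-13, 65)
        self._key_ids = {}   # lookup id carried in the descriptor -> client id (claim 21)

    def enroll(self, client_id):
        """Create and assign a private key to the client; return the lookup identifier."""
        key_id = hashlib.sha256(b"key-id:" + client_id.encode()).hexdigest()[:16]
        self._clients[client_id] = (secrets.token_bytes(32), key_id)
        self._key_ids[key_id] = client_id
        return key_id

    def _comparison_value(self, key, data_object, timestamp, key_id):
        """Hash the data object (the hash total), then bind hash, timestamp and key id under the key."""
        hash_total = hashlib.sha256(data_object).digest()
        bound = hash_total + timestamp.to_bytes(8, "big") + key_id.encode()
        return hmac.new(key, bound, "sha256").hexdigest()

    def sign(self, client_id, data_object, now=None):
        """Claim 17: descriptor with a property field holding the signature, returned with the data object."""
        key, key_id = self._clients[client_id]          # KeyError if the client was never enrolled
        timestamp = int(time.time() if now is None else now)
        signature = self._comparison_value(key, data_object, timestamp, key_id)
        descriptor = {"property": {"signature": signature, "timestamp": timestamp, "key_id": key_id}}
        return {"descriptor": descriptor, "data_object": data_object.hex()}   # claim 16 form

    def authenticate(self, signed_object):
        """Claim 19: derive data object and signature, look up the key, recompute, compare."""
        prop = signed_object["descriptor"]["property"]
        client_id = self._key_ids.get(prop.get("key_id"))
        if client_id is None:
            return {"valid": False, "client": None, "reason": "unknown key id"}
        key, key_id = self._clients[client_id]
        data_object = bytes.fromhex(signed_object["data_object"])
        expected = self._comparison_value(key, data_object, int(prop["timestamp"]), key_id)
        if not hmac.compare_digest(expected, str(prop.get("signature", ""))):   # constant-time check
            return {"valid": False, "client": None, "reason": "comparison value does not match signature"}
        return {"valid": True, "client": client_id, "reason": None}
```

Because the timestamp and key identifier are bound into the comparison value, editing either field of the property field invalidates the object just as editing the data object does.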